Network Algorithms and Complexity (NTUA-MPLA) Reliable Broadcast. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas

Similar documents
On the Resilience and Uniqueness of CPA for Secure Broadcast

Agreement Protocols. CS60002: Distributed Systems. Pallab Dasgupta Dept. of Computer Sc. & Engg., Indian Institute of Technology Kharagpur

Byzantine Agreement. Gábor Mészáros. CEU Budapest, Hungary

Fault-Tolerant Consensus

Byzantine Agreement. Gábor Mészáros. Tatracrypt 2012, July 2 4 Smolenice, Slovakia. CEU Budapest, Hungary

Distributed Systems Byzantine Agreement

AGREEMENT PROBLEMS (1) Agreement problems arise in many practical applications:

Broadcast and Verifiable Secret Sharing: New Security Models and Round-Optimal Constructions

Byzantine behavior also includes collusion, i.e., all byzantine nodes are being controlled by the same adversary.

Byzantine Agreement. Chapter Validity 190 CHAPTER 17. BYZANTINE AGREEMENT

CS505: Distributed Systems

Optimal and Player-Replaceable Consensus with an Honest Majority Silvio Micali and Vinod Vaikuntanathan

Coordination. Failures and Consensus. Consensus. Consensus. Overview. Properties for Correct Consensus. Variant I: Consensus (C) P 1. v 1.

Authenticated Broadcast with a Partially Compromised Public-Key Infrastructure

The Weighted Byzantine Agreement Problem

Asynchronous Models For Consensus

On Expected Constant-Round Protocols for Byzantine Agreement

On Achieving the Best of Both Worlds in Secure Multiparty Computation

Simple Bivalency Proofs of the Lower Bounds in Synchronous Consensus Problems

Degradable Agreement in the Presence of. Byzantine Faults. Nitin H. Vaidya. Technical Report #

Efficient General-Adversary Multi-Party Computation

Lower Bounds for Achieving Synchronous Early Stopping Consensus with Orderly Crash Failures

On the Number of Synchronous Rounds Required for Byzantine Agreement

Section 6 Fault-Tolerant Consensus

Consensus. Consensus problems

Do we have a quorum?

Finally the Weakest Failure Detector for Non-Blocking Atomic Commit

Realistic Failures in Secure Multi-Party Computation

Optimal Resilience Asynchronous Approximate Agreement

Implementing Uniform Reliable Broadcast with Binary Consensus in Systems with Fair-Lossy Links

Early stopping: the idea. TRB for benign failures. Early Stopping: The Protocol. Termination

Oblivious Transfer in Incomplete Networks

Towards optimal synchronous counting

Tolerating Permanent and Transient Value Faults

Communication-Efficient Randomized Consensus

Distributed Consensus

ROBUST & SPECULATIVE BYZANTINE RANDOMIZED CONSENSUS WITH CONSTANT TIME COMPLEXITY IN NORMAL CONDITIONS

How to solve consensus in the smallest window of synchrony

Model Checking of Fault-Tolerant Distributed Algorithms

Broadcast Amplification

Randomized Protocols for Asynchronous Consensus

Byzantine Agreement in Polynomial Expected Time

6.852: Distributed Algorithms Fall, Class 24

Bee s Strategy Against Byzantines Replacing Byzantine Participants

On Expected Constant-Round Protocols for Byzantine Agreement

On Equilibria of Distributed Message-Passing Games

CS505: Distributed Systems

Robust Network Codes for Unicast Connections: A Case Study

Byzantine Vector Consensus in Complete Graphs

Round Complexity of Authenticated Broadcast with a Dishonest Majority

6.897: Selected Topics in Cryptography Lectures 7 and 8. Lecturer: Ran Canetti

The Complexity of a Reliable Distributed System

1 Introduction. 1.1 The Problem Domain. Self-Stablization UC Davis Earl Barr. Lecture 1 Introduction Winter 2007

Eventually consistent failure detectors

1/p-Secure Multiparty Computation without an Honest Majority and the Best of Both Worlds

Early-Deciding Consensus is Expensive

Byzantine agreement with homonyms

Almost-Surely Terminating Asynchronous Byzantine Agreement Revisited

: Cryptography and Game Theory Ran Canetti and Alon Rosen. Lecture 8

Faster Agreement via a Spectral Method for Detecting Malicious Behavior

Secure Multiparty Computation from Graph Colouring

C 1. Recap: Finger Table. CSE 486/586 Distributed Systems Consensus. One Reason: Impossibility of Consensus. Let s Consider This

Impossibility of Distributed Consensus with One Faulty Process

Benny Pinkas. Winter School on Secure Computation and Efficiency Bar-Ilan University, Israel 30/1/2011-1/2/2011

Cryptographic Asynchronous Multi-Party Computation with Optimal Resilience

Secure Computation. Unconditionally Secure Multi- Party Computation

Round-Efficient Multi-party Computation with a Dishonest Majority

Unreliable Failure Detectors for Reliable Distributed Systems

Impossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs

Deterministic Consensus Algorithm with Linear Per-Bit Complexity

Early consensus in an asynchronous system with a weak failure detector*

EFFICIENT COUNTING WITH OPTIMAL RESILIENCE. Lenzen, Christoph.

Shared Memory vs Message Passing

Information-Theoretic Lower Bounds on the Storage Cost of Shared Memory Emulation

The Byzantine Generals Problem Leslie Lamport, Robert Shostak and Marshall Pease. Presenter: Jose Calvo-Villagran

Failure detectors Introduction CHAPTER

Consensus and Universal Construction"

Combining Shared Coin Algorithms

Replication predicates for dependent-failure algorithms

Symmetric Rendezvous in Graphs: Deterministic Approaches

Valency Arguments CHAPTER7

Round-Efficient Perfectly Secure Message Transmission Scheme Against General Adversary

Concurrent Non-malleable Commitments from any One-way Function

Gradient Clock Synchronization

Efficient Probabilistically Checkable Debates

Towards Optimal Synchronous Counting

Radio Network Clustering from Scratch

A Realistic Look At Failure Detectors

Distributed Computing in Shared Memory and Networks

Interactive Channel Capacity

Distributed Algorithms

A Full Characterization of Functions that Imply Fair Coin Tossing and Ramifications to Fairness

Time. Lakshmi Ganesh. (slides borrowed from Maya Haridasan, Michael George)

Genuine atomic multicast in asynchronous distributed systems

SFM-11:CONNECT Summer School, Bertinoro, June 2011

Protocols for Multiparty Coin Toss with a Dishonest Majority

Uniform consensus is harder than consensus

ABSTRACT BROADCAST AND VERIFIABLE SECRET SHARING: NEW SECURITY MODELS AND ROUND-OPTIMAL CONSTRUCTIONS. Ranjit Kumaresan, Doctor of Philosophy, 2012

The Las-Vegas Processor Identity Problem (How and When to Be Unique)

Resilient Asymptotic Consensus in Robust Networks

Transcription:

Network Algorithms and Complexity (NTUA-MPLA) Reliable Broadcast Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Slides are partially based on the joint work of Christos Litsas, Aris Pagourtzis, Giorgos Panagiotakos and Dimitris Sakavalas

Introduction Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 2 / 62

Secure Distributed Computing ˆ Several interacting entities (players/agents) that cooperate to achieve a common goal in the absence of a central authority. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 3 / 62

Secure Distributed Computing ˆ Several interacting entities (players/agents) that cooperate to achieve a common goal in the absence of a central authority. ˆ Players arranged in a communication network. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 3 / 62

Secure Distributed Computing ˆ Several interacting entities (players/agents) that cooperate to achieve a common goal in the absence of a central authority. ˆ Players arranged in a communication network. ˆ Adversarial Behavior: Corrupted players controlled by a central adversary. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 3 / 62

Secure Distributed Computing ˆ Several interacting entities (players/agents) that cooperate to achieve a common goal in the absence of a central authority. ˆ Players arranged in a communication network. ˆ Adversarial Behavior: Corrupted players controlled by a central adversary. Cope with corruption. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 3 / 62

Agreement in Unreliable Distributed Systems Two Major (equivalent) variations of the problem [Lamport, Shostak, Pease 1982]. Broadcast (Byzantine Generals) The goal is to have some designated player, called the dealer, consistently send a message to all other players. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 4 / 62

Agreement in Unreliable Distributed Systems Two Major (equivalent) variations of the problem [Lamport, Shostak, Pease 1982]. Broadcast (Byzantine Generals) The goal is to have some designated player, called the dealer, consistently send a message to all other players. Consensus (Byzantine Agreement) Goal: Make all players agree on the same output value (decision) given that every player starts with an input value. If all correct players hold the same input value then the decision is required to be the same as this input value. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 4 / 62

Agreement in Unreliable Distributed Systems Two Major (equivalent) variations of the problem [Lamport, Shostak, Pease 1982]. Broadcast (Byzantine Generals) The goal is to have some designated player, called the dealer, consistently send a message to all other players. Consensus (Byzantine Agreement) Goal: Make all players agree on the same output value (decision) given that every player starts with an input value. If all correct players hold the same input value then the decision is required to be the same as this input value. Polynomially equivalent (for t < n/2, where n number of players, t: number of corruptions). Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 4 / 62

Ideal Broadcast x x x x Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 5 / 62

Ideal Broadcast x x x x Common Decision x Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 5 / 62

Real Broadcast x Authenticated channels x x x Common Decision x x x Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 5 / 62

Real Broadcast with Corrupted Dealer x x x y x y Common Decision x, y?? Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 5 / 62

Broadcast in Incomplete Networks x x x Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 6 / 62

Broadcast in Incomplete Networks II x x x x Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 6 / 62

Broadcast in Incomplete Networks III y y y?? x Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 6 / 62

Problem Definition Player Set: V = {v 1, v 2,, v n }, Corrupted Players Set:T V. Each v V finally outputs (decides on) a value decision(v). Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 7 / 62

Problem Definition Player Set: V = {v 1, v 2,, v n }, Corrupted Players Set:T V. Each v V finally outputs (decides on) a value decision(v). Broadcast (Byzantine Generals) Dealer D V with input value x D. Π is a Broadcast protocol for V if it satisfies: 1 (Consistency) All honest players decide on the same value decision(v). 2 (Validity) If D is honest then all honest players decide on the dealer s value x D. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 7 / 62

Problem Definition Player Set: V = {v 1, v 2,, v n }, Corrupted Players Set:T V. Each v V finally outputs (decides on) a value decision(v). Broadcast (Byzantine Generals) Dealer D V with input value x D. Π is a Broadcast protocol for V if it satisfies: 1 (Consistency) All honest players decide on the same value decision(v). 2 (Validity) If D is honest then all honest players decide on the dealer s value x D. Consensus (Byzantine Agreement) Every player v V has an input value x v. Π is a Consensus protocol for V if it satisfies: 1 (Consistency) All honest players decide on the same value decision(v). 2 (Validity) If all honest players have the same input value x then all honest players decide x. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 7 / 62

Adversary Model Corruption Type ˆ Passive: Obtains all internal data of corrupted players. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 8 / 62

Adversary Model Corruption Type ˆ Passive: Obtains all internal data of corrupted players. ˆ Active (Byzantine): Full control of corrupted players. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 8 / 62

Adversary Model Corruption Type ˆ Passive: Obtains all internal data of corrupted players. ˆ Active (Byzantine): Full control of corrupted players. ˆ Fail-Stop (Fault): Makes corrupted players crash at any time. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 8 / 62

Adversary Model Corruption Type ˆ Passive: Obtains all internal data of corrupted players. ˆ Active (Byzantine): Full control of corrupted players. ˆ Fail-Stop (Fault): Makes corrupted players crash at any time. ˆ Static/Adaptive/Mobile Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 8 / 62

Adversary Model Corruption Type ˆ Passive: Obtains all internal data of corrupted players. ˆ Active (Byzantine): Full control of corrupted players. ˆ Fail-Stop (Fault): Makes corrupted players crash at any time. ˆ Static/Adaptive/Mobile Adversary s Computing Power ˆ Unlimited Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 8 / 62

Adversary Model Corruption Type ˆ Passive: Obtains all internal data of corrupted players. ˆ Active (Byzantine): Full control of corrupted players. ˆ Fail-Stop (Fault): Makes corrupted players crash at any time. ˆ Static/Adaptive/Mobile Adversary s Computing Power ˆ Unlimited ˆ Computationally Bounded (to probabilistic polynomial time computations in a security parameter κ). Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 8 / 62

Adversary Model Corruption Type ˆ Passive: Obtains all internal data of corrupted players. ˆ Active (Byzantine): Full control of corrupted players. ˆ Fail-Stop (Fault): Makes corrupted players crash at any time. ˆ Static/Adaptive/Mobile Adversary s Computing Power ˆ Unlimited ˆ Computationally Bounded (to probabilistic polynomial time computations in a security parameter κ). t-threshold Adversary: Can corrupt all player subsets of size at most t. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 8 / 62

Adversary Model Corruption Type ˆ Passive: Obtains all internal data of corrupted players. ˆ Active (Byzantine): Full control of corrupted players. ˆ Fail-Stop (Fault): Makes corrupted players crash at any time. ˆ Static/Adaptive/Mobile Adversary s Computing Power ˆ Unlimited ˆ Computationally Bounded (to probabilistic polynomial time computations in a security parameter κ). t-threshold Adversary: Can corrupt all player subsets of size at most t. General Adversary: Characterized by the adversary structure Z which enumerates all possible subsets of corrupted players. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 8 / 62

Communication Model Communication Channels ˆ Authenticated Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 9 / 62

Communication Model Communication Channels ˆ Authenticated ˆ Synchronous/Asynchronous (No deterministic protocol can achieve asynchronous fault-tolerant Broadcast [FLP85]). Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 9 / 62

Communication Model Communication Channels ˆ Authenticated ˆ Synchronous/Asynchronous (No deterministic protocol can achieve asynchronous fault-tolerant Broadcast [FLP85]). ˆ Complete/Incomplete Communication Networks Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 9 / 62

Communication Model Communication Channels ˆ Authenticated ˆ Synchronous/Asynchronous (No deterministic protocol can achieve asynchronous fault-tolerant Broadcast [FLP85]). ˆ Complete/Incomplete Communication Networks Asynchronous Model: Honest players cannot wait for messages from more than n t players in each round, where n is the number of players and t the number of corruptions tolerated. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 9 / 62

Security Security is defined with respect to a security parameter κ, allowing an error probability ɛ that is negligible in function of κ. ˆ Computational/Cryptographic: Security against a computationally bounded adversary. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 10 / 62

Security Security is defined with respect to a security parameter κ, allowing an error probability ɛ that is negligible in function of κ. ˆ Computational/Cryptographic: Security against a computationally bounded adversary. ˆ Unconditional/Information-Theoretic: Security against an unlimited adversary. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 10 / 62

Security Security is defined with respect to a security parameter κ, allowing an error probability ɛ that is negligible in function of κ. ˆ Computational/Cryptographic: Security against a computationally bounded adversary. ˆ Unconditional/Information-Theoretic: Security against an unlimited adversary. ˆ Perfect Security: Unconditional Security with zero error probability. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 10 / 62

Security Security is defined with respect to a security parameter κ, allowing an error probability ɛ that is negligible in function of κ. ˆ Computational/Cryptographic: Security against a computationally bounded adversary. ˆ Unconditional/Information-Theoretic: Security against an unlimited adversary. ˆ Perfect Security: Unconditional Security with zero error probability. Consistently shared data: Typically a PKI. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 10 / 62

Efficiency and Resiliency Communication round: All players in parallel receive the latest messages from their neighbors, perform arbitrary local computation and finally send new messages to their neighbors. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 11 / 62

Efficiency and Resiliency Communication round: All players in parallel receive the latest messages from their neighbors, perform arbitrary local computation and finally send new messages to their neighbors. Efficiency and Resiliency We want to optimize ˆ Bit/Message Complexity: Total number of bits/messages sent by all honest players. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 11 / 62

Efficiency and Resiliency Communication round: All players in parallel receive the latest messages from their neighbors, perform arbitrary local computation and finally send new messages to their neighbors. Efficiency and Resiliency We want to optimize ˆ Bit/Message Complexity: Total number of bits/messages sent by all honest players. ˆ Round Complexity: Maximum number of rounds required by any honest player. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 11 / 62

Efficiency and Resiliency Communication round: All players in parallel receive the latest messages from their neighbors, perform arbitrary local computation and finally send new messages to their neighbors. Efficiency and Resiliency We want to optimize ˆ Bit/Message Complexity: Total number of bits/messages sent by all honest players. ˆ Round Complexity: Maximum number of rounds required by any honest player. ˆ Local Computation Complexity: Maximum over the local computational worst-case complexities of all honest players. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 11 / 62

Efficiency and Resiliency Communication round: All players in parallel receive the latest messages from their neighbors, perform arbitrary local computation and finally send new messages to their neighbors. Efficiency and Resiliency We want to optimize ˆ Bit/Message Complexity: Total number of bits/messages sent by all honest players. ˆ Round Complexity: Maximum number of rounds required by any honest player. ˆ Local Computation Complexity: Maximum over the local computational worst-case complexities of all honest players. ˆ Resiliency: Number of corrupted players t a protocol can tolerate. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 11 / 62

Exponential Information Gathering Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 12 / 62

EIG Tree value dealer D sent me D value v 2 reported for Dv 1 value v 1 reported for D value v 2 reported for D... v 1 v 2 v n 1 v 2... v n 1 v 1 v 3... v n 1 v 1... v n 2 v 3... v n 1......... v 1 v 4 v n 1......... Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 13 / 62

EIG Algorithm I - Information Gathering Information Gathering Round 1 1 Dealer sends its initial value x D to the n 1 other players and decides on x D. 2 Each v stores value x D in the root of tree v (tree v (D) = x D ). A special default value of is stored if the Dealer failed to send a legitimate value in X. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 14 / 62

EIG Algorithm I - Information Gathering Information Gathering Round 1 1 Dealer sends its initial value x D to the n 1 other players and decides on x D. 2 Each v stores value x D in the root of tree v (tree v (D) = x D ). A special default value of is stored if the Dealer failed to send a legitimate value in X. Round h, 2 h t + 1 1 Each v broadcasts the leaves of its round (h 1) tree. 2 Every v adds a new level to its tree, storing at node D... qr the value that r claims to have stored in node D... q in its own tree r. Again, is used for inappropriate messages. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 14 / 62

EIG Algorithm I - Information Gathering Information Gathering Round 1 1 Dealer sends its initial value x D to the n 1 other players and decides on x D. 2 Each v stores value x D in the root of tree v (tree v (D) = x D ). A special default value of is stored if the Dealer failed to send a legitimate value in X. Round h, 2 h t + 1 1 Each v broadcasts the leaves of its round (h 1) tree. 2 Every v adds a new level to its tree, storing at node D... qr the value that r claims to have stored in node D... q in its own tree r. Again, is used for inappropriate messages. Intuitively, v stores in node D... qr the value that r says q says... the source said. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 14 / 62

EIG Algorithm II - Data Conversion After t + 1 rounds o Information Gathering, each player v computes a the commonly agreed-upon recursive function resolve() in order to decide. Resolve Function (Recursive majority of descendants of node a) For all a sequences of tree v : tree(a) m resolve v (a) =, if a is a leaf;, If m is the majority of resolve applied to the children of a;, If a is not a leaf and no majority exists. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 15 / 62

EIG Algorithm II - Data Conversion After t + 1 rounds o Information Gathering, each player v computes a the commonly agreed-upon recursive function resolve() in order to decide. Resolve Function (Recursive majority of descendants of node a) For all a sequences of tree v : tree(a) m resolve v (a) =, if a is a leaf;, If m is the majority of resolve applied to the children of a;, If a is not a leaf and no majority exists. Decision Player v decides on the value resolve v (D). Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 15 / 62

Complexity of the EIG Algorithm Proposition 2.1 (Lamport, Shostak, Pease 1982). The EIG Algorithm achieves Broadcast in t + 1 rounds provided that n 3t + 1 Bit Complexity For any 1 h t + 1, the h-round EIG tree has O(n h 1 ) leaves, yielding messages of size O(n h 1 ) in round h + 1. Thus, BC and LCC grow exponential in t. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 16 / 62

Complexity of the EIG Algorithm Proposition 2.1 (Lamport, Shostak, Pease 1982). The EIG Algorithm achieves Broadcast in t + 1 rounds provided that n 3t + 1 Bit Complexity For any 1 h t + 1, the h-round EIG tree has O(n h 1 ) leaves, yielding messages of size O(n h 1 ) in round h + 1. Thus, BC and LCC grow exponential in t. [GM98]: First (t + 1)-round fully polynomial, optimal resilience Broadcast protocol. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 16 / 62

Complexity of the EIG Algorithm Proposition 2.1 (Lamport, Shostak, Pease 1982). The EIG Algorithm achieves Broadcast in t + 1 rounds provided that n 3t + 1 Bit Complexity For any 1 h t + 1, the h-round EIG tree has O(n h 1 ) leaves, yielding messages of size O(n h 1 ) in round h + 1. Thus, BC and LCC grow exponential in t. [GM98]: First (t + 1)-round fully polynomial, optimal resilience Broadcast protocol. [Coa87]: Binary Consensus can be used to achieve General Consensus with an overhead of 2 extra rounds and O(n 2 b) extra communication bits, where b maximum length of a message. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 16 / 62

Parameter Lower Bounds Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 17 / 62

Threshold Adversary Model t-threshold Adversary Can corrupt all player subsets of size at most t. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 18 / 62

Threshold Adversary Model t-threshold Adversary Can corrupt all player subsets of size at most t. Complete Networks Broadcast Necessary and Sufficient Condition: t < n/3 [LSP82] Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 18 / 62

Threshold Adversary Model t-threshold Adversary Can corrupt all player subsets of size at most t. Complete Networks Broadcast Necessary and Sufficient Condition: t < n/3 [LSP82] Incomplete Networks Broadcast Necessary and Sufficient Condition [Dol82]: (t < n/3) AND (t < conn(g)/2) G.. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 18 / 62

Parameter Lower Bounds -Overview ˆ Resiliency: n > 3t (Interactive Consistency) [PSL80] ˆ Bit Complexity: BC n(t + 1)/4 [DR85] ˆ Round Complexity: RC t + 1 [FL82, DS83] ˆ Connectivity of Network G: conn(g) > 2t [Dol82] Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 19 / 62

Scenarios ˆ State Assignment C i : An assignment of states to each player. ˆ Message assignment M i : An assignment of a message to each channel. A Scenario is defined to be an infinite sequence: σ = C 0, M 1, C 1, M 2, C 2,... Indistiguishable Scenarios (σ v σ ) Two scenarios σ, σ are indistiguishable with respect to player v, σ v σ if v has the same sequence of states, outgoing and incoming messages (view(v)). Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 20 / 62

Scenarios ˆ State Assignment C i : An assignment of states to each player. ˆ Message assignment M i : An assignment of a message to each channel. A Scenario is defined to be an infinite sequence: σ = C 0, M 1, C 1, M 2, C 2,... Indistiguishable Scenarios (σ v σ ) Two scenarios σ, σ are indistiguishable with respect to player v, σ v σ if v has the same sequence of states, outgoing and incoming messages (view(v)). Scenarios σ, σ may be scenarios of different systems. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 20 / 62

Scenarios ˆ State Assignment C i : An assignment of states to each player. ˆ Message assignment M i : An assignment of a message to each channel. A Scenario is defined to be an infinite sequence: σ = C 0, M 1, C 1, M 2, C 2,... Indistiguishable Scenarios (σ v σ ) Two scenarios σ, σ are indistiguishable with respect to player v, σ v σ if v has the same sequence of states, outgoing and incoming messages (view(v)). Scenarios σ, σ may be scenarios of different systems. decision(v): deterministic function of view(v) (Perfect Security). Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 20 / 62

Connectivity Lower Bound (conn(g) > 2t) σ 0 σ 1 x D = 0 x D = 1 T = C 0 T = C 1 Corrupted players C i of scenario σ i act like in σ 1 i. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 21 / 62

Connectivity Lower Bound (conn(g) > 2t) σ 0 σ 1 x D = 0 x D = 1 T = C 0 T = C 1 Corrupted players C i of scenario σ i act like in σ 1 i. Dealer s value is 1 Scenario σ 0 C 0 G G. D. v C 1 Then, Dealer s value is 0 v G, σ 0 v σ1 decision σ0 (v) = desicion σ1 (v) and thus validity is violated. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 21 / 62

Connectivity Lower Bound (conn(g) > 2t) σ 0 σ 1 x D = 0 x D = 1 T = C 0 T = C 1 Corrupted players C i of scenario σ i act like in σ 1 i. Dealer s value is 1 Scenario σ 1 C 0 G G. D. v C 1 Then, Dealer s value is 0 v G, σ 0 v σ1 decision σ0 (v) = desicion σ1 (v) and thus validity is violated. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 22 / 62

Resiliency-Example I Assume that v 0, v 1, v 2 solve Broadcast in two rounds given that t = 1: 1 The dealer v 0 sends value 2 Each player reports the dealer s value Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 23 / 62

Resiliency-Example I Assume that v 0, v 1, v 2 solve Broadcast in two rounds given that t = 1: 1 The dealer v 0 sends value 2 Each player reports the dealer s value Honest player v 1, knowing that at most one of the v 0, v 2 is corrupted, has to decide on a value that satisfies both conditions of the Broadcast problem. Consider the following view(v 1 ). v 0 v 0 0 v 1 v 2 v 1 1 0 v 2 Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 23 / 62

Resiliency-Example II v Two possible scenarios σ 1 (corrupted v 2 ) and σ 2 (corrupted v 0 ) s.t. σ 1 1 σ 2 (indistinguishable with respect to v 1 ): Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 24 / 62

Resiliency-Example II v Two possible scenarios σ 1 (corrupted v 2 ) and σ 2 (corrupted v 0 ) s.t. σ 1 1 σ 2 (indistinguishable with respect to v 1 ): v 0 v0 σ 1 0 0 v 1 v 2 v 1 1 0 v 2 Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 24 / 62

Resiliency-Example II v Two possible scenarios σ 1 (corrupted v 2 ) and σ 2 (corrupted v 0 ) s.t. σ 1 1 σ 2 (indistinguishable with respect to v 1 ): v 0 v0 σ 1 0 0 v 1 v 2 v 1 1 0 v 2 v 0 v0 σ 2 0 1 v 1 v 2 v 1 1 0 v 2 Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 24 / 62

Resiliency-Example III Impossibility of Broadcast If decision(v 1 ) = 1 and σ 1 holds, then validity is violated, thus decision(v 1 ) = 0 (1) Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 25 / 62

Resiliency-Example III Impossibility of Broadcast If decision(v 1 ) = 1 and σ 1 holds, then validity is violated, thus decision(v 1 ) = 0 (1) If σ 2 holds then by symmetry v 2 should decide on 1 decision(v 1 ) = 1 (2) (1), (2) Consistency is violated. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 25 / 62

Resiliency-Example III Impossibility of Broadcast If decision(v 1 ) = 1 and σ 1 holds, then validity is violated, thus decision(v 1 ) = 0 (1) If σ 2 holds then by symmetry v 2 should decide on 1 decision(v 1 ) = 1 (2) (1), (2) Consistency is violated. The algorithm uses only two rounds and particular types of messages. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 25 / 62

Resiliency Lower Bound I Lemma 3.1. Three players cannot solve the Broadcast problem in the presence of one fault (n = 3 and t = 1). Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 26 / 62

Resiliency Lower Bound I Lemma 3.1. Three players cannot solve the Broadcast problem in the presence of one fault (n = 3 and t = 1). Proof. Assume the existence of algorithm A that achieves Broadcast in system T in the presence of a corrupted player. Construct system H using two copies of T, v 0 v 2 v 0 T v 1 H v 1 v 1 v 2 Figure: Identical copy v k = v k+3 of v k. Connect v k mod 6 with v (k+1) mod 6 and v (k 1) mod 6 v 2 v 0 Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 26 / 62

Resiliency Lower Bound II In H all players run A and have only local names for their two neighbors. Claim For all σ H scenario of H without adversary and k {0,..., 5}, σ T scenario of T in which v (k+2) mod 3 is corrupted s.t. v σ k v H σ T and σ k+1 mod 6 H σt Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 27 / 62

Resiliency Lower Bound II In H all players run A and have only local names for their two neighbors. Claim For all σ H scenario of H without adversary and k {0,..., 5}, σ T scenario of T in which v (k+2) mod 3 is corrupted s.t. v σ k v H σ T and σ k+1 mod 6 H For v k and v k+1 mod 6, their views are indistinguishable from their views as players v k mod 3 and v (k+1) mod 3 in T where the adversary corrupts v (k+2) mod 3 by simply simulating all the remaining players of H. σt Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 27 / 62

Resiliency Lower Bound II In H all players run A and have only local names for their two neighbors. Claim For all σ H scenario of H without adversary and k {0,..., 5}, σ T scenario of T in which v (k+2) mod 3 is corrupted s.t. v σ k v H σ T and σ k+1 mod 6 H For v k and v k+1 mod 6, their views are indistinguishable from their views as players v k mod 3 and v (k+1) mod 3 in T where the adversary corrupts v (k+2) mod 3 by simply simulating all the remaining players of H. Thus, every such pair executes A in H without adversary and achieves Broadcast. If H exhibits contradictory behavior then A cannot exist. σt Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 27 / 62

Resiliency Lower Bound III Example. The adversary corrupts v 2 in T by simulating the subsystem of H encircled v 0 v 2 v 0 T v 2 v 1 v 2 v 1 v 1 H v 1 v 2 v 0 v 2 v 0 Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 28 / 62

Resiliency Lower Bound IV Contradictory behavior of H H involves two players v 0, v 0 of the type corresponding to the Dealer. Suppose they have inputs x 0 {0, 1} and x 0 = 1 x 0 respectively. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 29 / 62

Resiliency Lower Bound IV Contradictory behavior of H H involves two players v 0, v 0 of the type corresponding to the Dealer. Suppose they have inputs x 0 {0, 1} and x 0 = 1 x 0 respectively. v 0 0 v 2 0 v 0 v 1 σ H v 1 0 0 σ T2 1 v 1 v 2 v 2 1 v 0 v σ 0 v H σ T2 and σ 1 H σ T2 decision(v 1 ) = 0 (1) Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 29 / 62

Resiliency Lower Bound V v 0 0 v 2 0 v 0 v 1 σ H v 1 1 1 σ T1 1 v 1 v 2 v 2 1 v 0 Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 30 / 62

Resiliency Lower Bound V v 0 0 v 2 v 0 0 v 1 v 1 σ 1 1 H σ T1 σ H v 0 σ T1 and σ H v 2 σ T1 decision(v 2 ) = 1 (2) 1 v 1 v 2 v 2 1 v 0 Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 30 / 62

Resiliency Lower Bound V v 0 0 v 2 v 0 0 v 1 v 1 σ 1 1 H σ T1 σ H v 0 σ T1 and σ H v 2 σ T1 decision(v 2 ) = 1 (2) 1 v 1 v 2 v 2 1 v 0 v 0 0 v 2 0 v 0 v 1 σ H v 1 0 σ T0 1 1 v 1 v 2 v 2 1 v 0 Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 30 / 62

Resiliency Lower Bound V v 0 0 v 2 v 0 0 v 1 v 1 σ 1 1 H σ T1 σ H v 0 σ T1 and σ H v 2 σ T1 decision(v 2 ) = 1 (2) 1 v 1 v 2 v 2 1 v 0 v 1 0 v 0 0 σ H v 2 v 1 0 v 0 σ T0 1 v σ 1 v H σ T0 and σ 2 H σ T0 decision(v 1 ) = decision(v 2 ) (3) 1 v 1 v 2 v 2 1 v 0 Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 30 / 62

Resiliency Lower Bound V v 0 0 v 2 v 0 0 v 1 v 1 σ 1 1 H σ T1 σ H v 0 σ T1 and σ H v 2 σ T1 decision(v 2 ) = 1 (2) 1 v 1 v 2 v 2 1 v 0 v 1 0 v 0 0 σ H v 2 v 1 0 v 0 σ T0 1 v σ 1 v H σ T0 and σ 2 H σ T0 decision(v 1 ) = decision(v 2 ) (3) 1 v 1 v 2 v v 0 2 1 Relations (1), (2) and (3) yield a contradiction. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 30 / 62

Resiliency Lower Bound VI Theorem 3.2. There is no solution to the Broadcast problem for n players in the presence of t corrupted players, if 3 n 3t Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 31 / 62

Resiliency Lower Bound VI Theorem 3.2. There is no solution to the Broadcast problem for n players in the presence of t corrupted players, if 3 n 3t Proof. Idea: Assume Broadcast protocol A with dealer v 0 for V = n, T n/3. Transform A into B Broadcast protocol for players v 0, v 1, v 2 and T = 1. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 31 / 62

Resiliency Lower Bound VI Theorem 3.2. There is no solution to the Broadcast problem for n players in the presence of t corrupted players, if 3 n 3t Proof. Idea: Assume Broadcast protocol A with dealer v 0 for V = n, T n/3. Transform A into B Broadcast protocol for players v 0, v 1, v 2 and T = 1. Partition V 0 V 1 V 2 = V s.t. i, 1 V i t. We let each v i simulate every v V i (messages and computation steps). Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 31 / 62

Resiliency Lower Bound VI Theorem 3.2. There is no solution to the Broadcast problem for n players in the presence of t corrupted players, if 3 n 3t Proof. Idea: Assume Broadcast protocol A with dealer v 0 for V = n, T n/3. Transform A into B Broadcast protocol for players v 0, v 1, v 2 and T = 1. Partition V 0 V 1 V 2 = V s.t. i, 1 V i t. We let each v i simulate every v V i (messages and computation steps). Protocol B Player v 0 : dealer in protocol B. If in A: v V i sends m to u V j, i j, then B: v i sends m to v j along with the identities of v, u. If in A: v V i decides on m, then B: v i decides on the value m. (If there are multiple values chooses one) Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 31 / 62

Resiliency Lower Bound VII V 0 v 0 v 1 v 2 V 1 V 2 For any execution a of B with T B = v j. Let a be the simulated execution of A, with T A = V j ( T A t). Validity: From Validity in A. Consistency: From Consistency in A. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 32 / 62

Bit Complexity Theorem 3.3 (Dolev, Reischuk 1985). Every Broadcast protocol which handles up to t corruptions (t < n 1), requires at least n(t + 1)/4 messages to be sent. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 33 / 62

Bit Complexity Theorem 3.3 (Dolev, Reischuk 1985). Every Broadcast protocol which handles up to t corruptions (t < n 1), requires at least n(t + 1)/4 messages to be sent. Proof. Assume scenarios: σ 0 with honest dealer D and x D = 0 σ 1 with honest dealer D and x D = 1, and let Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 33 / 62

Bit Complexity Theorem 3.3 (Dolev, Reischuk 1985). Every Broadcast protocol which handles up to t corruptions (t < n 1), requires at least n(t + 1)/4 messages to be sent. Proof. Assume scenarios: σ 0 with honest dealer D and x D = 0 σ 1 with honest dealer D and x D = 1, and let A(v) = {u V i N, j {0, 1} s.t. σ j (v, u, i) or σ j (u, v, i) } (Players that communicate with v in at least one scenario). Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 33 / 62

Bit Complexity Theorem 3.3 (Dolev, Reischuk 1985). Every Broadcast protocol which handles up to t corruptions (t < n 1), requires at least n(t + 1)/4 messages to be sent. Proof. Assume scenarios: σ 0 with honest dealer D and x D = 0 σ 1 with honest dealer D and x D = 1, and let A(v) = {u V i N, j {0, 1} s.t. σ j (v, u, i) or σ j (u, v, i) } (Players that communicate with v in at least one scenario). Let v V, s.t. A(v) < t + 1. Consider scenario σ : The scenario σ 1 with every u A(v) behaving towards v as in σ 0. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 33 / 62

Bit Complexity Theorem 3.3 (Dolev, Reischuk 1985). Every Broadcast protocol which handles up to t corruptions (t < n 1), requires at least n(t + 1)/4 messages to be sent. Proof. Assume scenarios: σ 0 with honest dealer D and x D = 0 σ 1 with honest dealer D and x D = 1, and let A(v) = {u V i N, j {0, 1} s.t. σ j (v, u, i) or σ j (u, v, i) } (Players that communicate with v in at least one scenario). Let v V, s.t. A(v) < t + 1. Consider scenario σ : The scenario σ 1 with every u A(v) behaving towards v as in σ 0. σ v σ0 decision v (σ ) = 0, and σ u σ1 decision u (σ ) = 1, u {H {v}} Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 33 / 62

Bit Complexity Theorem 3.3 (Dolev, Reischuk 1985). Every Broadcast protocol which handles up to t corruptions (t < n 1), requires at least n(t + 1)/4 messages to be sent. Proof. Assume scenarios: σ 0 with honest dealer D and x D = 0 σ 1 with honest dealer D and x D = 1, and let A(v) = {u V i N, j {0, 1} s.t. σ j (v, u, i) or σ j (u, v, i) } (Players that communicate with v in at least one scenario). Let v V, s.t. A(v) < t + 1. Consider scenario σ : The scenario σ 1 with every u A(v) behaving towards v as in σ 0. σ v σ0 decision v (σ ) = 0, and σ u σ1 decision u (σ ) = 1, u {H {v}} Hence A(v) t + 1 n(t + 1)/2 overall messages in both scenarios At least n(t + 1)/4 messages in σ 0 or σ 1. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Broadcast Basics 33 / 62

Locally Bounded Adversary Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 34 / 62

Locally Bounded Adversary Model t-locally Bounded Adversary [Koo04]: Can corrupt at most t players in each neighborhood. { At most t corruptions { At most t corruptions { At most t corruptions Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 35 / 62

Locally Bounded Adversary Model t-locally Bounded Adversary [Koo04]: Can corrupt at most t players in each neighborhood. { At most t corruptions { At most t corruptions { At most t corruptions Assumptions ˆ Honest Dealer ˆ Incomplete Network ˆ Byzantine Adversary ˆ Perfect Security ˆ Synchronous Channels ˆ Authenticated Channels Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 35 / 62

Locally Bounded Adversary Model t-locally Bounded Adversary [Koo04]: Can corrupt at most t players in each neighborhood. { At most t corruptions { At most t corruptions { At most t corruptions Assumptions ˆ Honest Dealer ˆ Incomplete Network ˆ Byzantine Adversary ˆ Perfect Security ˆ Synchronous Channels ˆ Authenticated Channels Results for Broadcast with honest dealer directly apply in the wireless Ad Hoc model due to consistency of local Broadcasts. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 35 / 62

Broadcast With Locally Bounded Adversary Topological restrictions on the adversary s corruption capacity ˆ Tolerate more corruptions ˆ Local restrictions local criteria for Ad Hoc network Broadcast. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 36 / 62

Broadcast With Locally Bounded Adversary Topological restrictions on the adversary s corruption capacity ˆ Tolerate more corruptions ˆ Local restrictions local criteria for Ad Hoc network Broadcast. Definitions ˆ t-local Set: A set W, s.t. W N (v) t, v V. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 36 / 62

Broadcast With Locally Bounded Adversary Topological restrictions on the adversary s corruption capacity ˆ Tolerate more corruptions ˆ Local restrictions local criteria for Ad Hoc network Broadcast. Definitions ˆ t-local Set: A set W, s.t. W N (v) t, v V. ˆ t-locally Safe Algorithm: Never causes a node to decide on an incorrect message under any t-local corruption set. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 36 / 62

Broadcast With Locally Bounded Adversary Topological restrictions on the adversary s corruption capacity ˆ Tolerate more corruptions ˆ Local restrictions local criteria for Ad Hoc network Broadcast. Definitions ˆ t-local Set: A set W, s.t. W N (v) t, v V. ˆ t-locally Safe Algorithm: Never causes a node to decide on an incorrect message under any t-local corruption set. ˆ t-locally Resilient Algorithm: Achieves Broadcast under any t-local set of corrupted players (locally tolerates t-corruptions). Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 36 / 62

Main Question Define the class of graphs where achieving Broadcast in the t-locally bounded model is possible (for a given t N). G t-locally resilient algorithm Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 37 / 62

Main Question Define the class of graphs where achieving Broadcast in the t-locally bounded model is possible (for a given t N). G t-locally resilient algorithm Main Question Rephrased ˆ For a given graph and dealer determine the maximum number of corruptions t max that can be locally tolerated. ˆ To this end: Introduce graph parameters to bound t max. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 37 / 62

The Certified Propagation Algorithm Certified Propagation Algorithm (CPA) [Koo04] 1 The dealer D sends its initial value x D all of its neighbors, decides on x D and terminates. 2 If a node decides on a value through a decision rule, it sends it to all its neighbors and terminates. D... Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 38 / 62

The Certified Propagation Algorithm Certified Propagation Algorithm (CPA) [Koo04] 1 The dealer D sends its initial value x D all of its neighbors, decides on x D and terminates. 2 If a node decides on a value through a decision rule, it sends it to all its neighbors and terminates. Decision Rules (i) (Neighbors of the dealer) Upon receiving the message x D from the dealer, decide on x D. D... Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 38 / 62

The Certified Propagation Algorithm Certified Propagation Algorithm (CPA) [Koo04] 1 The dealer D sends its initial value x D all of its neighbors, decides on x D and terminates. 2 If a node decides on a value through a decision rule, it sends it to all its neighbors and terminates. Decision Rules (i) (Neighbors of the dealer) Upon receiving the message x D from the dealer, decide on x D. (ii) Upon receiving message m from t + 1 distinct neighbors, decide on m. D... { At most t corruptions Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 38 / 62

The Certified Propagation Algorithm Certified Propagation Algorithm (CPA) [Koo04] 1 The dealer D sends its initial value x D all of its neighbors, decides on x D and terminates. 2 If a node decides on a value through a decision rule, it sends it to all its neighbors and terminates. Decision Rules (i) (Neighbors of the dealer) Upon receiving the message x D from the dealer, decide on x D. (ii) Upon receiving message m from t + 1 distinct neighbors, decide on m. D... { At most t corruptions At least 1 honest sends m Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 38 / 62

The Certified Propagation Algorithm Certified Propagation Algorithm (CPA) [Koo04] 1 The dealer D sends its initial value x D all of its neighbors, decides on x D and terminates. 2 If a node decides on a value through a decision rule, it sends it to all its neighbors and terminates. Decision Rules (i) (Neighbors of the dealer) Upon receiving the message x D from the dealer, decide on x D. (ii) Upon receiving message m from t + 1 distinct neighbors, decide on m. D... { At most t corruptions At least 1 honest sends m decision on an incorrect value is impossible Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 38 / 62

Resilience of CPA Definition 4.1 (Max CPA Resilience). t CPA max (G, D) The maximum number of corruptions that can be locally tolerated by CPA, for a G and dealer D. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 39 / 62

Resilience of CPA { Definition 4.1 (Max CPA Resilience). t CPA max (G, D) The maximum number of corruptions that can be locally tolerated by CPA, for a G and dealer D. 0 Safety L Adversary may Win U n Adversary Wins t t CPA max estimation A first goal: Approximate the value tmax CPA bounds. by computing upper and lower Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 39 / 62

A Lower Bound on t CPA max Graph parameter of [PP05] For a graph G and dealer D, X (G, D): Maximum integer x s.t. every node v has at least x neighbors closer to D than v is. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 40 / 62

A Lower Bound on t CPA max Graph parameter of [PP05] For a graph G and dealer D, X (G, D): Maximum integer x s.t. every node v has at least x neighbors closer to D than v is. Theorem 1 (Sufficient Condition [PP05]). For every graph G, dealer D and integer t < X (G, D)/2, CPA is t-locally resilient Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 40 / 62

A Lower Bound on t CPA max Graph parameter of [PP05] For a graph G and dealer D, X (G, D): Maximum integer x s.t. every node v has at least x neighbors closer to D than v is. Theorem 1 (Sufficient Condition [PP05]). For every graph G, dealer D and integer t < X (G, D)/2, CPA is t-locally resilient tmax CPA X /2 1 Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 40 / 62

Proof Sketch Observation The criterion implies a level ordering of the nodes w.r.t. the distance from the dealer. In a synchronous setting, information is propagated one level in each round. t < X (G, D)/2 X (G, D) 2t + 1 D. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 41 / 62

Proof Sketch - CPA Round 1 Observation The criterion implies a level ordering of the nodes w.r.t. the distance from the dealer. In a synchronous setting, information is propagated one level in each round. t < X (G, D)/2 X (G, D) 2t + 1 D. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 41 / 62

Proof Sketch - CPA Round 2 Observation The criterion implies a level ordering of the nodes w.r.t. the distance from the dealer. In a synchronous setting, information is propagated one level in each round. t < X (G, D)/2 X (G, D) 2t + 1 D { At most t corruptions. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 41 / 62

Proof Sketch - CPA Round k Observation The criterion implies a level ordering of the nodes w.r.t. the distance from the dealer. In a synchronous setting, information is propagated one level in each round. t < X (G, D)/2 X (G, D) 2t + 1 D { At most t corruptions. { At most t corruptions Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 41 / 62

Non-Tightness of the Lower Bound Condition t < X (G, D)/2 is not necessary for CPA. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 42 / 62

Non-Tightness of the Lower Bound. Condition t < X (G, D)/2 is not necessary for CPA. D Level k 1 Level k. v 2t + 1 m k m k+1 messages m k messages m k+1 messages Level k + 1 Node v with distance(v, D) = k may collect t + 1 identical values from decided neighbors in distance k and k + 1 as well. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 42 / 62

A Better Topological Parameter for CPA Condition of [PP05] A player will decide if he has at least 2t + 1 decided neighbors in smaller distance from the dealer than he is. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 43 / 62

A Better Topological Parameter for CPA New Condition A player will decide if he has at least 2t + 1 decided neighbors in smaller distance from the dealer than he is. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 43 / 62

A Better Topological Parameter for CPA New Condition A player will decide if he has at least 2t + 1 decided neighbors in smaller distance from the dealer than he is. Generalized Notion of Levels D v 1 v 2t+1 2t + 1 L 1 L 2 L m 1 L m. v n Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 43 / 62

A New Parameter for Bounding t CPA max Definitions [LPS13] For a graph G = (V, E) with dealer-node D, Minimum k-level Ordering L k (G, D): A partition V = m i=1 L i, m N, s.t. L 1 = N (D) and each level L i contains all the nodes that have at least k neighbors in the union of previous levels. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 44 / 62

A New Parameter for Bounding t CPA max Definitions [LPS13] For a graph G = (V, E) with dealer-node D, Minimum k-level Ordering L k (G, D): A partition V = m i=1 L i, m N, s.t. L 1 = N (D) and each level L i contains all the nodes that have at least k neighbors in the union of previous levels. K(G, D) def. = max{k N Minimum k-level Ordering L k (G, D)} Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 44 / 62

Lower Bound on t CPA max Theorem 5.1 (Sufficient Condition). For every graph G, dealer D and t N, if t < K(G, D)/2 then CPA is t-locally resilient. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 45 / 62

Lower Bound on t CPA max Theorem 5.1 (Sufficient Condition). For every graph G, dealer D and t N, if t < K(G, D)/2 then CPA is t-locally resilient. tmax CPA K(G, D)/2 1 Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 45 / 62

Lower Bound on t CPA max Theorem 5.1 (Sufficient Condition). For every graph G, dealer D and t N, if t < K(G, D)/2 then CPA is t-locally resilient. tmax CPA K(G, D)/2 1 Proof Sketch. L k (G, D) with k 2t + 1. D v1 v2t+1 L1 L2. Lm 1 Lm 2t + 1 vn Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 45 / 62

Lower Bound on t CPA max Theorem 5.1 (Sufficient Condition). For every graph G, dealer D and t N, if t < K(G, D)/2 then CPA is t-locally resilient. tmax CPA K(G, D)/2 1 Proof Sketch. L k (G, D) with k 2t + 1. D Decided Round 1: L 1 = N (D) v1 v2t+1 L1 L2. Lm 1 Lm 2t + 1 vn Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 45 / 62

Lower Bound on t CPA max Theorem 5.1 (Sufficient Condition). For every graph G, dealer D and t N, if t < K(G, D)/2 then CPA is t-locally resilient. tmax CPA K(G, D)/2 1 Proof Sketch. L k (G, D) with k 2t + 1. D Decided Round 1: L 1 = N (D) Round 2: L 1 L 2 v1 { L1 At most t corruptions v2t+1 L2. Lm 1 Lm 2t + 1 vn Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 45 / 62

Lower Bound on t CPA max Theorem 5.1 (Sufficient Condition). For every graph G, dealer D and t N, if t < K(G, D)/2 then CPA is t-locally resilient. tmax CPA K(G, D)/2 1 Proof Sketch. L k (G, D) with k 2t + 1. D Decided Round 1: L 1 = N (D) Round 2: L 1 L 2 Round m: m j=1 L j = V v1 At most t corrupted, decided neighbors of v Lm { L1 2t + 1 vn At most t corruptions v2t+1 L2. Lm 1 Lm Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 45 / 62

An equivalent Parameter [IS10] Observation Parameter K(G, D) equals X (G, D) of [IS10], which is defined using different kind of orderings. Definition of K(G, D) implies improved complexity, namely, where δ = min v V N (D) deg(v). [IS10]: O(E V ) K(G, D): O(E log δ) Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 46 / 62

Non-Tightness of the Lower Bound Proposition 5.2. There exists a family of instances, s.t. CPA is (K(G, D) 1)-locally resilient. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 47 / 62

Non-Tightness of the Lower Bound Proposition 5.2. There exists a family of instances, s.t. CPA is (K(G, D) 1)-locally resilient. D K(G, D) = t + 1 t + 1 players } 2t subsets v 1 v 2 v 2t K 2t } Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 47 / 62

Non-Tightness of the Lower Bound Proposition 5.2. There exists a family of instances, s.t. CPA is (K(G, D) 1)-locally resilient. D K(G, D) = t + 1 t + 1 players (t + 1 r) correct values } } r corruptions } 2t subsets v 1 v 2 v 2t K 2t } Proof Sketch. Due to trade-off of corruptions in the interconnected neighborhoods, each player receives at least t + 1 correct messages, thus CPA is t-locally resilient. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Locally Bounded Adversary 47 / 62

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback